Shulou(Shulou.com)06/01 Report--

This article shows you how to check whether the server has been compromised, the content is concise and easy to understand, can definitely brighten your eyes, through the detailed introduction of this article, I hope you can get something.

Steps:

1. View the system group and users. Suppose you find that an admin$ or similar user is added to the administrators group, then there is a great possibility that your website has already been invaded.

2. Check whether there are abnormal login and publication records in the administrator account. Select all system login diaries and publish diaries, and check their login ip to verify whether the ip is a commonly used administrator login ip.

3. Check whether there are abnormal startup items on the server.

If one of these three points is abnormal, it means that your server has basically been compromised.

Solution:

NO1 temporarily closes the website: after the website is invaded, the most common situation is to be implanted with a Trojan horse. In order to ensure the safety of visitors, the website is generally temporarily closed. In the closure process, you can temporarily transfer the domain name to another website or a tell page.

NO2 analyzes the degree of damage to the website: some hackers will empty all the website data after invading the website, assuming that the site with data backup can eventually rely on data backup to recover the website data, and if there is no backup, you need to ask a professional hard disk data rehabilitation company for data recovery. Assuming that there is no change in the page data of the site, the site may just be hung up and can rely on the third or fourth steps to eliminate the impact.

NO3 detects gaps and patches: after data recovery, be sure to scan the gaps in the website and patch them. The general website program official will launch the relevant patch file regularly, as long as the file is uploaded to the server and covered up.

NO4 Trojan virus eradication: Trojan virus can eventually rely on professional antivirus software to check and kill. It must be noted here that sometimes some normal files will be misjudged as viruses, so a period of time requires users to identify them carefully.

NO5 often backs up data: backing up often is a good habit! Whether it is an enterprise station or an information station, the most important thing is to back up the data frequently, otherwise there will be a backup if you only have your own technology on that day.

The above is how to check whether the server has been compromised. Have you learned any knowledge or skills? If you want to learn more skills or enrich your knowledge reserve, you are welcome to follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.